CVE-2019-14495

9.8 CRITICAL

📋 TL;DR

CVE-2019-14495 is an out-of-bounds write vulnerability in the webadmin.c component of 3proxy's admin interface, allowing attackers to execute arbitrary code or crash the service. This affects all systems running 3proxy versions before 0.8.13 with the admin interface enabled. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:
  • 3proxy
Versions: All versions before 0.8.13
Operating Systems: Linux, Windows, BSD, macOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if admin interface is enabled in configuration (not enabled by default).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case: Service crash leading to denial of service, with potential for remote code execution depending on exploit sophistication.

🟢 If Mitigated: Limited impact if admin interface is disabled or network access is restricted, though underlying vulnerability remains.

🌐 Internet-Facing: HIGH - The admin interface is often exposed, and exploitation requires no authentication.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the admin interface, which typically doesn't require authentication. Public exploit code exists in the commit diff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.13

Vendor Advisory: https://github.com/z3APA3A/3proxy/releases/tag/0.8.13

Restart Required: Yes

Instructions:

1. Download 3proxy 0.8.13 or later from GitHub releases.
2. Stop the 3proxy service.
3. Replace the binary with the patched version.
4. Restart the 3proxy service.

🔧 Temporary Workarounds

Disable Admin Interface (platform: all)

Disable the vulnerable webadmin interface in the 3proxy configuration:

1. Edit 3proxy.cfg and remove or comment out the 'admin' configuration lines.
2. Restart 3proxy: systemctl restart 3proxy

Network Access Control (platform: linux)

Restrict network access to the admin interface port using iptables or ufw:

iptables -A INPUT -p tcp --dport [admin_port] -j DROP
ufw deny [admin_port]

🧯 If You Can't Patch

  • Disable the admin interface completely in configuration
  • Implement strict network segmentation and firewall rules to block access to admin port

🔍 How to Verify

Check if Vulnerable:

Check 3proxy version and configuration for enabled admin interface: grep -i admin /etc/3proxy/3proxy.cfg

Check Version:

3proxy --version 2>&1 | head -1

Verify Fix Applied:

Verify version is 0.8.13 or later: 3proxy --version
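
The version and configuration checks above, combined into one script (an added example, not part of 3proxy or the original advisory). It counts only uncommented lines that begin with `admin` as enabling the interface; the function names and the sample config are constructed for illustration, and the version string is supplied by the caller.

```sh
#!/bin/sh
# Added example, not 3proxy code. Fixed version taken from the advisory above.
FIXED_VERSION="0.8.13"

# Succeeds if the config has an active 'admin' service line. Unlike a bare
# 'grep -i admin', this skips '#' comments and lines that merely mention "admin".
admin_enabled() {
    grep -Eiq '^[[:space:]]*admin([[:space:]]|$)' "$1"
}

# Succeeds if dotted version $1 >= $2 (numeric compare per component).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-devel"
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Prints a verdict for <config path> <version>; returns 1 only when the
# host is both unpatched and has the admin interface enabled.
assess() {
    cfg=$1 ver=$2
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched ($ver)"
        return 0
    fi
    if admin_enabled "$cfg"; then
        echo "VULNERABLE: $ver with admin interface enabled"
        return 1
    fi
    echo "unpatched ($ver) but admin interface disabled"
    return 0
}

# Demo on a constructed config (not taken from a real deployment).
demo_cfg=$(mktemp)
printf '%s\n' '# admin -p8080' 'auth iponly' 'admin -p8080' > "$demo_cfg"
assess "$demo_cfg" "0.8.12" || true
rm -f "$demo_cfg"
```

The check reads a single file only, so any configuration pulled in from other files has to be assessed separately.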

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of 3proxy service
  • Unusual connections to admin interface port
  • Memory corruption errors in system logs

Network Indicators:

  • Exploit attempts to admin interface port (default 3128)
  • Unusual traffic patterns to 3proxy admin endpoint

SIEM Query:

source="3proxy.log" AND ("segmentation fault" OR ("admin" AND "POST"))
